author | Florin Coras <fcoras@cisco.com> | 2018-03-05 16:53:07 -0800 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2018-03-07 13:27:59 +0000 |
commit | 8f89dd01289ea9e97405432d2351a19c842dd6d5 (patch) | |
tree | 67ab5d20f9ebbd34ee8d9fec2dfc3d97297fd0f7 /src/vnet/session/session.api | |
parent | 7139e757b13212f3fd8e3f3f401018375fed0c61 (diff) |
tls: enforce certificate verification
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
parameters. If hostname is present, certificate validation is
enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session/session.api')
-rw-r--r-- | src/vnet/session/session.api | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/vnet/session/session.api b/src/vnet/session/session.api
index 336b51cd333..bf88e82f336 100644
--- a/src/vnet/session/session.api
+++ b/src/vnet/session/session.api
@@ -13,7 +13,7 @@
 * limitations under the License.
 */
 
-option version = "1.0.1";
+option version = "1.0.2";
 
 /** \brief client->vpp, attach application to session layer
 @param client_index - opaque cookie to identify the sender
@@ -292,6 +292,9 @@ autoreply define unbind_sock {
 @param ip - ip address
 @param port - port
 @param proto - protocol 0 - TCP 1 - UDP
+ @param hostname-len - length of hostname
+ @param hostname - destination's hostname. If present, used by protocols
+ like tls.
 */
 autoreply define connect_sock {
 u32 client_index;
@@ -303,6 +306,8 @@ autoreply define connect_sock {
 u8 ip[16];
 u16 port;
 u8 proto;
+ u8 hostname_len;
+ u8 hostname[hostname_len];
 };
 
 /** \brief Bind reply |
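Review bot: The new `@param hostname` text in the connect_sock comment (second hunk) omits the security consequence that the commit message gives for this field: certificate validation is enforced when a hostname is present. By implication, a client that leaves `hostname_len` at 0 appears to get a tls session with no peer verification, and an API user reading only this comment would not learn that. I would state it in the comment, for example `@param hostname - destination's hostname. If present, tls validates the peer certificate against it; if absent, the peer certificate is not verified`. The comment also names the length parameter `hostname-len`, while the field added in the next hunk is `hostname_len`. The comment block begins above the hunk.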
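Review bot: `hostname` in connect_sock (third hunk) is a client-supplied, length-prefixed byte array with no terminator, and the handler that consumes it is not in this diff. Because the value is later matched against a certificate name, the handler should copy exactly `hostname_len` bytes, add its own terminator, and reject a name that contains an embedded NUL byte, so that C string handling in the TLS library cannot validate a shorter name than the one the client sent. A comment on the field such as `/* not NUL-terminated; handler must reject embedded NULs */` would record that contract. The connect_sock definition starts above the hunk.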